| Integrated Security | Whether to use integrated security to log in (GSS/SSPI), currently supported on Windows only. [See docs for more info](security.md). | false |

| Persist Security Info | Gets or sets a Boolean value that indicates if security-sensitive information, such as the password, is not returned as part of the connection if the connection is open or has ever been in an open state. Since 3.1 only. | false |

By default PostgreSQL connections are unencrypted, but you can turn on SSL/TLS encryption if you wish. First, you have to set up your PostgreSQL to receive SSL/TLS connections [as described here](http://www.postgresql.org/docs/current/static/ssl-tcp.html).

By default PostgreSQL connections are unencrypted, but you can turn on SSL/TLS encryption if you wish. First, you have to set up your PostgreSQL to receive SSL/TLS connections [as described here](http://www.postgresql.org/docs/current/static/ssl-tcp.html). Once that's done, specify `SSL Mode` in your connection string, setting it to either `Require` (connection will fail if the server isn't set up for encryption), or `Prefer` (use encryption if possible but fallback to unencrypted otherwise).

Once that's done, specify `SSL Mode` in your connection string, setting it to either `Require` (connection will fail if the server isn't set up for encryption), or `Prefer` (use encryption if possible but fallback to unencrypted otherwise).

By default, Npgsql will validate your server's certificate; if you're using a self-signed certificate, this will fail. You can instruct Npgsql to ignore this by specifying `Trust Server Certificate=true` in the connection string. To precisely control how the server's certificate is validated, you can register `UserCertificateValidationCallback` on `NpgsqlConnection` (this works just like on .NET's [`SslStream`](https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream)).

Note that by default, Npgsql will verify that your server's certificate is valid. If you're using a self-signed certificate this will fail. You can instruct Npgsql to ignore this by specifying

`Trust Server Certificate=true` in the connection string. To precisely control how the server's certificate is validated, you can register `UserCertificateValidationCallback` on `NpgsqlConnection` (this works just like on .NET's [`SSLStream`](https://msdn.microsoft.com/en-us/library/system.net.security.remotecertificatevalidationcallback(v=vs.110).aspx)).

You can also have Npgsql provide client certificates to the server by registering the `ProvideClientCertificatesCallback` on `NpgsqlConnection` (this works just like on .NET's [`SSLStream`](https://msdn.microsoft.com/en-us/library/system.net.security.localcertificateselectioncallback(v=vs.110).aspx)).

If you need provide client certificates as part of authentication, you can point Npgsql to a certificate file by setting the `Client Certificate` connection string parameter. Npgsql will also implement [the standard PostgreSQL behavior](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-CLIENTCERT) and will recognize the `PGSSLCERT` environment variable, as well as `~/.postgresql/postgresql.crt` (`%APPDATA%\postgresql\postgresql.crt` on Windows). Finally, you can set the `ProvideClientCertificatesCallback` on `NpgsqlConnection` to further customize how client certificates are provided (this works just like on .NET's [`SslStream`](https://docs.microsoft.com/en-us/dotnet/api/system.net.security.sslstream)).